The following plugin provides functionality available through Pipeline-compatible steps. Read more about how to integrate steps into your Pipeline in the Steps section of the Pipeline Syntax page.

For a list of other such plugins, see the Pipeline Steps Reference page.

Anchore Container Image Scanner Plugin

anchore: Anchore Container Image Scanner

  • name
    Name of the file that contains a list of container images for anchore to analyze, evaluate policy, and run queries against. The format for each line is "imageId /path/to/Dockerfile", where the Dockerfile is optional. This file must be made available (created by a prior step) to Anchore Container Image Scanner plugin.
    • Type: String
  • anchoreioPass (optional)
    Your password for the associated username on https://anchore.io
    • Type: String
  • anchoreioUser (optional)
    Your username on https://anchore.io that has access to a custom policy bundle to sync with your local anchore installation
    • Type: String
  • annotations (optional)
      Array/List
      Nested Object
    • key
      • Type: String
    • value
      • Type: String
  • bailOnFail (optional)
    If selected or set to 'true', the Anchore Container Image Scanner step will cause the build to fail if the policy evaluation result is FAIL. Default value: 'true'
    • Type: boolean
  • bailOnPluginFail (optional)
    If selected or set to 'true', the Anchore Container Image Scanner step will cause the build to fail if the plugin encounters an error. Default value: 'true'
    • Type: boolean
  • bailOnWarn (optional)
    If selected or set to 'true', the Anchore Container Image Scanner step will cause the build to fail if the policy check result is WARN. Default value: 'false'
    • Type: boolean
  • bundleFileOverride (optional)
    Name of the file that contains a custom anchore policy bundle to be used by Anchore policy evaluation engine. If this file does not exist or the field is left blank, anchore will attempt to use any previously synced/cached policy bundles that you may have, or will fail evaluation if no bundle can be found or used.
    • Type: String
  • doCleanup (optional)
    If selected or set to 'true', all images in the input file will be flushed from the Anchore database at the end of plugin execution. Default value: 'false'
    • Type: boolean
  • engineCredentialsId (optional)
    • Type: String
  • engineRetries (optional)
    Number of polling attempts spaced at 5 second intervals spent waiting for the Anchore Engine operation to complete.
    • Type: String
  • engineurl (optional)
    Anchore Engine URL
    • Type: String
  • engineverify (optional)
    • Type: boolean
  • globalWhiteList (optional)
    Name of the file that contains a custom whitelist to be used by Anchore policy evaluation engine. If this file does not exist or the field is left blank, Anchore will use its default global whitelist.
    • Type: String
  • inputQueries (optional)
      Array/List
      Nested Object
    • query
      Any query that Anchore supports. Results of the query will be added to the anchore report upon plugin completion.
      • Type: String
  • policyBundleId (optional)
    ID of the policy bundle on Anchore Engine to be used for policy evaluations. If empty, the policy bundle marked active on Anchore Engine will be used by default.
    • Type: String
  • policyEvalMethod (optional)
    • Type: String
  • policyName (optional)
    Name of the file that contains a custom policy to be used by Anchore policy evaluation engine. If this file does not exist or the field is left blank, Anchore will use its default policy.
    • Type: String
  • useCachedBundle (optional)
    Check this in order to use a previously synced policy bundle (if one exists) in the case where login to anchore.io or bundle sync fails for any reason.
    • Type: boolean
  • userScripts (optional)
    Optional directory that contains user defined Anchore analyzer/gate/query modules that will be executed in addition to the built in analyzer/gate/queries modules. If this directory does not exist or the field is left blank, Anchore will run only its default modules.
    • Type: String

Was this page helpful?

Please submit your feedback about this page through this quick form.

Alternatively, if you don't wish to complete the quick form, you can simply indicate if you found this page helpful?

    


See existing feedback here.